-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathblueprint.yaml
200 lines (185 loc) · 5.99 KB
/
blueprint.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
tosca_definitions_version: cloudify_dsl_1_3
imports:
- https://cloudify.co/spec/cloudify/6.2.0/types.yaml
- plugin:cloudify-aws-plugin?version= >=2.5.6
dsl_definitions:
aws_client: &aws_client
aws_access_key_id: { get_input: [ cloud_credentials, aws_access_key_id ] }
aws_secret_access_key: { get_input: [ cloud_credentials, aws_secret_access_key ] }
region_name: { get_input: [ resource_config, aws_region_name ] }
inputs:
resource_config:
type: resource_config
cloud_credentials:
type: dict
data_types:
resource_config:
properties:
name:
type: string
aws_region_name:
type: string
cidr_block:
type: string
default: 10.0.0.0/16
subnet_1_cidr:
type: string
default: 10.0.0.0/24
subnet_2_cidr:
type: string
default: 10.0.1.0/24
availability_zone_1:
type: string
default: { concat: [ { get_input: [ resource_config, aws_region_name ] }, 'a' ] }
availability_zone_2:
type: string
default: { concat: [ { get_input: [ resource_config, aws_region_name ] }, 'b' ] }
vpc_tags:
type: list
default:
- Key: Name
Value: { get_input: [ resource_config, name ] }
subnet_1_tags:
type: list
default:
- Key: Name
Value: { concat: [ { get_input: [ resource_config, name ] }, '-subnet-1' ] }
subnet_2_tags:
type: list
default:
- Key: Name
Value: { concat: [ { get_input: [ resource_config, name ] }, '-subnet-2' ] }
node_templates:
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config: *aws_client
resource_config:
CidrBlock: { get_input: [ resource_config, cidr_block ] }
Tags: { get_input: [ resource_config, vpc_tags ] }
internet_gateway:
type: cloudify.nodes.aws.ec2.InternetGateway
properties:
client_config: *aws_client
Tags:
- Key: Name
Value: { concat: [ { get_input: [ resource_config, name ] }, '-internet-gateway' ] }
relationships:
- type: cloudify.relationships.connected_to
target: vpc
main_route_table:
type: cloudify.nodes.aws.ec2.RouteTable
properties:
client_config: *aws_client
use_external_resource: true
resource_id: { get_attribute: [ vpc, main_route_table_id ] }
relationships:
- type: cloudify.relationships.contained_in
target: vpc
route_internet_gateway:
type: cloudify.nodes.aws.ec2.Route
properties:
client_config: *aws_client
resource_config:
kwargs:
DestinationCidrBlock: '0.0.0.0/0'
relationships:
- type: cloudify.relationships.contained_in
target: main_route_table
- type: cloudify.relationships.connected_to
target: internet_gateway
# interfaces:
# cloudify.interfaces.lifecycle:
# stop: {}
subnet_1:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config: *aws_client
resource_config:
CidrBlock: { get_input: [ resource_config, subnet_1_cidr ] }
AvailabilityZone: { get_input: [ resource_config, availability_zone_1 ] }
Tags: { get_input: [ resource_config, subnet_1_tags ] }
relationships:
- type: cloudify.relationships.depends_on
target: vpc
- type: cloudify.relationships.depends_on
target: internet_gateway
subnet_2:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config: *aws_client
resource_config:
CidrBlock: { get_input: [ resource_config, subnet_2_cidr ] }
AvailabilityZone: { get_input: [ resource_config, availability_zone_2 ] }
Tags: { get_input: [ resource_config, subnet_2_tags ] }
relationships:
- type: cloudify.relationships.depends_on
target: vpc
- type: cloudify.relationships.depends_on
target: internet_gateway
agents_security_group:
type: cloudify.nodes.aws.ec2.SecurityGroup
properties:
client_config: *aws_client
resource_config:
GroupName: { concat: [ { get_input: [ resource_config, name ] } , '-cfy-agents' ] }
Description: For Cloudify Agents
VpcId: { get_attribute: [ vpc, aws_resource_id ] }
relationships:
- type: cloudify.relationships.depends_on
target: vpc
agents_security_group_rules:
type: cloudify.nodes.aws.ec2.SecurityGroupRuleIngress
properties:
client_config: *aws_client
resource_config:
IpPermissions:
- IpProtocol: tcp
FromPort: 22
ToPort: 22
IpRanges:
- CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 8443
ToPort: 8443
IpRanges:
- CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7681
ToPort: 7682
IpRanges:
- CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 30080
ToPort: 30080
IpRanges:
- CidrIp: 0.0.0.0/0
relationships:
- type: cloudify.relationships.contained_in
target: agents_security_group
capabilities:
vpc_id:
description: |
AWS ID of the VPC
value: { get_attribute: [ vpc, aws_resource_id ] }
subnet_ids:
description: |
AWS ID's of subnets
value:
- { get_attribute: [ subnet_1, aws_resource_id ] }
- { get_attribute: [ subnet_2, aws_resource_id ] }
availability_zones:
description: |
AWS availability zones to work with
value:
- { get_attribute: [ subnet_1, resource_config, AvailabilityZone ] }
- { get_attribute: [ subnet_2, resource_config, AvailabilityZone ] }
internet_gateway_id:
description: |
AWS ID of internet gateway
value: { get_attribute: [ internet_gateway, aws_resource_id ] }
agents_security_group_id:
description: |
AWS ID of a security group that allows Cloudify Manager to access
VM's via SSH
value: { get_attribute: [ agents_security_group, aws_resource_id ] }